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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 
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earned patent term adjustment. See 37 CFR 1.704(b). 
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1)13 Responsive to communication(s) filed on 30 September 2005 . 
2a)D This action is FINAL 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 C D. 11, 453 O.G. 213. 
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5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-12 and 19-22 is/are rejected. 

7) D Claim(s) is/are objected to. 
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Application Papers 
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Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
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1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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DETAILED ACTION 

Claims 1-12 and 19-22 have been considered. 

Election/Restrictions 

Claims 13-18 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being 
drawn to a nonelected group, there being no allowable generic or linking claim. Election was made 
without traverse in the reply filed on 9/30/05. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 8-12 and 19-22 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. Applicant describes a mobile authentication server. It is unclear whether the authentication 
server, itself, is actually mobile or whether the authentication server is a mobile authentication server 
because it authenticates mobile devices. Appropriate correction is required. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-5 and 7 are rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki, U.S. 
Patent No. 5,841,970, in view of Kippenhan, U.S. Patent Application Publication No. 2002/0010769, in 
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further view of Ishibashi, U.S. Patent No. 6,728,379, in further view of Hammond, U.S. Patent Application 
Publication No. 2003/0078927. 



As per claim 1, the applicant claims a method of communicating data securely with the following 
5 limitations which are met by the combination of Tabuki, Kippenhan, Ishibashi, and Hammond: 

a) receiving a first authentication request from a mobile station (Tabuki: Col 6, lines 1 1-47; 
Kippenhan (claim 34); Hammond: [0012]); 

b) providing a first key to said mobile station in response to said authentication (Tabuki: Col 6, 
lines 11-47; Kippenhan: claim 34); 

10 c) receiving a second authentication request from a database server, said second authentication 

request further including said first key provided by said mobile station and a particular database record to 
which said mobile station is requesting access (Tabuki: Col 7, line 38 to Col 8, line 27); 

d) determining whether said mobile station has authority to access said particular database 
record (Tabuki: Col 7, line 38 to Col 8, line 27); 

15 e) instructing said database server to provide information associated with said requested 

database record to said mobile station wherein said information is encrypted (Tabuki: Col 7, line 38 to Col 
8, line 27; Ishibashi: Col 1, lines 16-59); 

f) providing said mobile station with a second key enabling said mobile station to decrypt said 
information received from said database server using said second key (Tabuki: Col 7, line 38 to Col 8, 

20 line 27; Ishibashi: Col 1, lines 16-59); 

Tabuki discloses a method of communicating data very similar to applicant's instant invention. 
More Specifically, Tabuki discloses a first station (20 of Fig 1) which communicates an authentication 
request which includes a first key to a database server (10 of Fig 1) to access data, for example banking 
records (Col 1, lines 46-50), on the database server. The database server may then provide the 

25 authentication request to an authentication server. The authentication server performs an authentication, 
and, in accordance with the response received, the database server provides information to the first 
station or does not provide information to the first station. Having the authentication process consigned to 
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the external authentication server reduces the burden on the database server and simplifies the 
authentication process (Col 8, lines 10-27). 

While Tabuki discloses that a user (first station) may be provided with a first key used for 
authentication (Col 6, lines 1 1-46), Tabuki is silent as to whether the first key is received at the user (first 
5 station) after an authentication process. Kippenhan discloses the well-known idea that a key may be 
received after an authentication process. It would have been obvious to one of ordinary skill in the art at 
the time the invention was filed to combine the ideas of Kippenhan with those of Tabuki because 
incorporating an authentication process before receiving a first key makes the system more robust and 
secure by ensuring that a key is sent to the appropriate user. 

10 Tabuki in view of Kippenhan disclose the idea that information is sent to a first station after an 

authentication process. However, Tabuki in view of Kippenhan do not disclose the idea that the data is 
encrypted. Ishibashi discloses the idea that encrypted data may be communicated between two 
computers for at least the reason that it increases security in the system by preventing leakage to a third 
party (Col 1, lines 16-18). It would have been obvious to one of ordinary skill in the art at the time the 

15 invention was filed to combine the ideas of Ishibashi with those of Tabuki in view of Kippenhan because 
utilizing encryption to communicate information increases security in the system by preventing leakage to 
a third party. 

Tabuki in view of Kippenhan in further view of Ishibashi disclose all the limitations of the above 
claim, except for the limitation that the first station is a mobile station. Hammond discloses that a first 
20 station may be mobile wireless devices, such as PDAs or laptops. It would have been obvious to one of 
ordinary skill in the art at the time the invention was filed to combine the ideas of Hammond with those of 
Tabuki in view of Kippenhan in further view of Ishibashi and utilize a PDA or laptops because the use of 
such devices would make the system more robust by allowing the first station to be mobile and able to 
gain access in situations where a wired connection is not possible. 



25 
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As per claim 2, the applicant describes the method of claim 1, which is met by Tabuki in view of 
Kippenhan in further view of Ishibashi in further view of Hammond, with the following limitation which is 
met by Tabuki: 

Wherein said step of providing said first key to said mobile station further comprises the step of 
5 providing a time out period for said first key to said mobile station (Tabuki: Col 6, lines 1 1-29; Fig 4); 

As per claims 3,5, and 7, the applicant describes the method of claim 1 , which is met by Tabuki in 
view of Kippenhan in further view of Ishibashi in further view of Hammond, with the following limitation: 

Wherein said information stored in said database server is encrypted using a data access key 
10 and said second key is generated from said data access key and said first key; 

The combination of Tabuki, Kippenhan, Ishibashi, and Hammond teach that information stored in 
a database server is encrypted using a key (second key). However, the combination is silent as to 
whether the key is generated from the first key and another key (data access key). Examiner takes 
official notice that it is common and well-known in the art to build a key from more than one key. It would 
15 have been obvious to one of ordinary skill in the art at the time the invention was filed to use more than 
one key to build a key because doing so increases security in the system since a third party would have 
to know separate keys to construct the actual key used. 

As per claim 4, the applicant describes the method of claim 1 , which is met by Tabuki in view of 
20 Kippenhan in further view of Ishibashi in further view of Hammond, with the following limitation: 

Wherein said step of instructing said database server to provide information to said mobile station 
further comprises the step of providing said database server with a third key wherein said third key is 
used by said database server to further encrypt said information (Tabuki: Col 6, lines 30-42; Ishibashi: Col 
1, lines 16-59). 



25 



Application/Control Number: 10/025,586 Page 6 

Art Unit: 2137 

Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki in view of 
Kippenhan in further view of Ishibashi in further view of Hammond in further view of Takamoto, U.S. 
Patent Application No. 2002/0108060. 

5 As per claim 6, the applicant describes the method of claim 1, which is met by Tabuki in view of 

Kippenhan in further view of Ishibashi in further view of Hammond, with the following limitations which are 
met by Takamoto: 

a) receiving a third authentication request from said database server requesting authorization to 
update said particular database record by said mobile station (Tabuki: Col 7, line 38 to Col 8, line 27; 

10 Takamoto: [0041]); 

b) determining whether said mobile station has authority to update said database record (Tabuki: 
Col 7, line 38 to Col 8, line 27; Takamoto: [0041]); 

c) instructing said database server to allow said mobile station to update information associated 
with said database record (Tabuki: Col 7, line 38 to Col 8, line 27; Takamoto: [0041]); 

15 d) providing said mobile station with said second key enabling said mobile station to encrypt any 

information to be transmitted over to the database server to be updated at said database record (Tabuki: 
Col 7, line 38 to Col 8, line 27; Takamoto: [0041]); 

The combination of Tabuki, Kippenhan, Ishibashi, and Hammond meet all the limitations of claim 
1. However, the combination is silent as to whether updating is done by the mobile station. Takamoto 

20 discloses the idea that updating may be done after an authentication process. It would have been 
obvious to one of ordinary skill in the art at the time the invention was filed to combine the ideas of 
Takamoto with those of Tabuki in view of Kippenhan in further view of Ishibashi because doing so makes 
the system more robust by allowing the mobile station to update content and make changes to 
information stored on the database server. 



Claims 8 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki in view 
of Ishibashi in further view of Hammond. 
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As per claims 8 and 19, the applicant describes a method of communicating data securely which 
is similar to that of claim 1 with the exception that applicant does not include the step authenticating a 
user before providing a first key. Accordingly, the Kippenhan reference which was used to meet this 
5 limitation in the rejection of claim 1 has not been applied. 



As per claims 9 and 20, the applicant describes the method of claims 8 and 19, which are met by 
Tabuki in view of Ishibashi in further view of Hammond, with the following limitations: 

a) receiving a second encryption key from said authentication server (Tabuki: Col 6, line 30-42; 
10 Ishibashi: Col 1, lines 16-59); 

b) encrypting said stored information using said second encryption key (Tabuki: Col 6, line 30-42; 
Ishibashi: Col 1, lines 16-59); 

c) providing said encrypted information to said wireless device (Tabuki: Col 6, line 30-42; 
Ishibashi: Col 1, lines 16-59). 

Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki in view of 
Ishibashi in further view of Hammond in further view of Takamoto. 



As per claim 12, the applicant describes the method of claim 8, which is met by Tabuki in view of 
20 Ishibashi in further view of Hammond, with the following limitations which are met by Tabuki in view of 
Takamoto. The limitations and reasons for combination have been explained in the rejection of claim 6. 



25 



Claims 10-1 1 and 21-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki 
in view of Ishibashi in further view of Hammond in further view of Dang, U.S. Patent Application No. 
2003/0101113, in further view of Honjo, U.S. Patent Application No. 2002/0049912. 
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As per claims 10-11 and 21-22, applicant describes the method of claims 8 and 19, which are met 
by Tabuki in view of Ishibashi in further view of Hammond, with the following limitation which is met by 
Dang and Honjo: 

Wherein said step of receiving said request from said wireless device to access said information 
5 further comprises the step of receiving a session key generated by said authentication server from said 
wireless device (Dang: [0016]; Honjo: claim 11); 

Tabuki in view of Ishibashi in further view of Hammond disclose all the limitations of claims 8 and 
19. However, the combination is silent as to receiving a request which includes a session key generated 
by the authentication server from said wireless device. Dang teaches including a session key, in a 
10 request, for authentication purposes. It would have been obvious to one of ordinary skill in the art at the 
time the invention was filed to combine the ideas of Dang with those of Tabuki in view of Ishibashi in 
further view of Hammond and include a session key in the request as a further means to authenticate the 
mobile station. 

Tabuki in view of Ishibashi in further view of Hammond in further view of Dang are silent as to the 
15 generation of the session key from a server. Honjo discloses the idea that a session key may be 

generated by a server and provided to a mobile station. It would have been obvious to one of ordinary 
skill in the art at the time the invention was filed to combine the ideas of Honjo with those of Tabuki in 
view of Ishibashi in further view of Hammond in further view of Dang and generate the session key at the 
authentication server because doing so increases security in the system by ensuring that the session key 
20 is generated by a trusted source and doing so allows the session key computation to take place at the 
authentication server, thereby reducing computation capacity required at the mobile station. 



Conclusion 

This action is made non-final. 
25 Any inquiry concerning this communication or earlier communications from the examiner should 

be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 
be reached on M-F 7:30-6:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
5 Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 

0 
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